- Microsoft is testing a new feature for Defender for Endpoint
- The feature blocks traffic to and from undiscovered endpoints
- The goal is to limit malicious lateral movement
Microsoft wants to reduce the risk posed by undiscovered endpoints by adding a new feature to its Defender for Endpoint product that automatically blocks all traffic to and from such devices.
Such devices are a significant security risk because they bypass monitoring, lack security controls and can serve as entry points for cyberattacks or data exfiltration.
The company is currently testing a new capability that will contain the IP addresses of devices that have not been discovered by, or onboarded to, Defender for Endpoint.
Automatic protection
“Containing an IP address associated with undiscovered devices or devices that are not onboarded to Defender for Endpoint is performed automatically through automatic attack disruption. The Contain IP policy automatically blocks a malicious IP address when Defender for Endpoint detects that the IP address is associated with an undiscovered device or a device that is not onboarded,” said Microsoft.
“Through automatic attack disruption, Defender for Endpoint identifies a malicious device, identifies the device's role and applies a matching policy to automatically contain a critical asset. Granular containment is performed by blocking only specific ports and communication directions.”
It is not yet known when the feature will be released to users, but it will be available on devices onboarded to Defender for Endpoint that run Windows 10, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 or later.
Microsoft also explained that a contained IP address can be released, restoring its connectivity, via the “Contain IP” action in the Action Center, which has an “Undo” button.
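To make the "granular containment" and "Undo" behaviour described above concrete, here is an added example (not Microsoft's code, and not how Defender for Endpoint implements Contain IP) of the manual equivalent using the Windows Firewall: block a single remote IP address, only on chosen ports, separately per direction, and remove the rules again as a group. The IP address, port list and rule-group name are placeholders chosen for this example.

```powershell
# Added illustration, not Microsoft's code: a manual Windows Firewall analogue of a
# granular "contain IP" policy (one address, specific ports, specific directions),
# plus the equivalent of "Undo". Run in an elevated PowerShell session.
$ContainedIp = '10.20.30.40'        # assumed address of an unmanaged device (placeholder)
$Tag         = 'Manual-Contain-IP'  # rule group name so all rules can be listed/removed together

function Add-ContainIpRules {
    param(
        [Parameter(Mandatory)] [string] $RemoteAddress,
        # Ports commonly abused for lateral movement: SMB, RDP, WinRM (example choice)
        [string[]] $InboundPorts  = @('445', '3389', '5985'),
        [string[]] $OutboundPorts = @('445', '3389', '5985'),
        [string]   $Group = $Tag
    )
    # Inbound: block connections arriving FROM the contained address on the listed local ports.
    New-NetFirewallRule -DisplayName "$Group inbound $RemoteAddress" -Group $Group `
        -Direction Inbound -Action Block -Protocol TCP `
        -RemoteAddress $RemoteAddress -LocalPort $InboundPorts | Out-Null
    # Outbound: block connections initiated by this host TO the contained address on the listed remote ports.
    New-NetFirewallRule -DisplayName "$Group outbound $RemoteAddress" -Group $Group `
        -Direction Outbound -Action Block -Protocol TCP `
        -RemoteAddress $RemoteAddress -RemotePort $OutboundPorts | Out-Null
}

function Get-ContainIpRules {
    param([string] $Group = $Tag)
    # Show what is actually enforced: direction, remote address and ports per rule.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        $port = ($_ | Get-NetFirewallPortFilter)
        [pscustomobject]@{
            Name       = $_.DisplayName
            Direction  = $_.Direction
            Remote     = $addr
            LocalPort  = $port.LocalPort
            RemotePort = $port.RemotePort
            Enabled    = $_.Enabled
        }
    }
}

function Remove-ContainIpRules {
    param([string] $Group = $Tag)
    # The manual equivalent of "Undo": drop every rule in the group, restoring connectivity.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

Add-ContainIpRules -RemoteAddress $ContainedIp
Get-ContainIpRules | Format-Table -AutoSize
# Remove-ContainIpRules    # uncomment to release the address again
```

Two points a practitioner should keep in mind when comparing this with the product feature: the firewall rules above apply only on the host where they are created, whereas Contain IP is applied through Defender for Endpoint to onboarded devices, and the rule group tag is what makes the "undo" reliable, since removing by group leaves any unrelated firewall rules untouched.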
Via BleepingComputer